androidfluttersecurityexceptionsecurity-context

Flutter: SecurityException when building app after updating target SDK version to 34


I am facing an issue while building my Flutter app (in both debug and release modes) after updating the target SDK version to 34 in my build.gradle file. The following exception is thrown:

java.lang.SecurityException: me.way_in.proffer: One of RECEIVER_EXPORTED or RECEIVER_NOT_EXPORTED should be specified when a receiver isn't being registered exclusively for system broadcasts

I am using Flutter version 3.10.5.

This issue started occurring after I updated the target SDK version to 34.

Questions:

  1. What is causing this issue?
  2. Why does this exception occur specifically after changing the target SDK version?
  3. How can I resolve this issue to successfully build my app?

I updated the target SDK version to 34 in my build.gradle file, expecting my app to build successfully as before. However, after making this change, I encountered a SecurityException related to broadcast receivers. I tried adding the android:exported attribute to my receivers in the AndroidManifest.xml file, but the issue persists. I was expecting the app to build without any exceptions.


Solution

  • 1. What is causing this issue? 2. Why does this exception occur specifically after changing the target SDK version?

    The reason you are receiving this exception is due to this change in API 34:

    Apps and services that target Android 14 (API level 34) or higher and use context-registered receivers are required to specify a flag to indicate whether or not the receiver should be exported to all other apps on the device: either RECEIVER_EXPORTED or RECEIVER_NOT_EXPORTED, respectively. This requirement helps protect apps from security vulnerabilities by leveraging the features for these receivers introduced in Android 13.

    3. How can I resolve this issue to successfully build my app?

    I would look inside your application and at your dependencies and see if any declare context-registered receivers. If your application does, then you need to add the required flag to it.

    If one of your dependencies does, I would look at the pub.dev of this dependency to see if there is a version which addressed this issue.